What describes the impact of false-positive alerts compared to false-negative alerts?
A.
A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised
B.
A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring
C.
A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
D.
A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.
False positives and false negatives are terms used to describe the accuracy of security alerts. A false positive occurs when a security system incorrectly identifies benign activity as malicious, leading to unnecessary investigation and potential disruption of legitimate activities. Conversely, a false negative happens when a security system fails to detect actual malicious activity, allowing the attackers to proceed undetected. The impact of false positives is generally wasted time and resources investigating non-issues, while the impact of false negatives can be much more severe, potentially leading to undetected breaches and significant damage.
The CBROPS curriculum covers the concepts of false positives and false negatives in the context of security monitoring and alerting systems
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit